KNTIC Pulse is a Deterministic State Machine that treats your ADRs as constitutional law — not suggestions. LLMs are dispatched as interchangeable implementers. All control flow remains deterministic, auditable, and LLM-independent.
Not an LLM-wrapper. Not a chatbot framework. A Constitutional Enforcement Engine with GIA-gated merges and autonomous REGEN drift remediation.
// The Problem: Architectural Entropy
Software does not rot from code errors. It rots from Architectural Entropy — the progressive, silent drift between Intent (your ADRs) and Execution (your Git state). Every commit is an opportunity for drift. Code review catches it only when the reviewer remembers the relevant ADR. Linting enforces syntax, not architectural intent. CI/CD verifies that code runs, not that it aligns. What is needed is a mechanism that treats ADRs as machine-readable constraints and continuously reconciles them against the living codebase. This is the KNTIC Protocol. The faster a team iterates — short cycles, high-velocity delivery, agile by design — the wider the entropy gap grows. KNTIC closes it at the point of introduction, not in a post-sprint retrospective.
Ungoverned AI Development
ADRs exist on paper, not in the pipeline.
Code review catches drift only when the reviewer remembers the relevant ADR — a cognitive load that scales poorly. Linting enforces syntax, not architectural intent.
No audit trail for AI-generated changes.
Code lands in the repository with no record of what triggered it, what constraints governed it, or what was validated before merge.
CI/CD verifies that code runs, not that it aligns.
Pipelines confirm functionality, not architectural compliance. A refactor may preserve behaviour while destroying a structural invariant. Drift surfaces in post-incident reviews — never at the point of introduction.
Speed and control remain mutually exclusive.
Teams either move fast and accept the governance risk, or they slow down and lose the productivity gains that justified AI adoption.
With Kntic
ADRs are constitutional law, not advisory documentation.
The Constitutional Layer treats ADRs as machine-readable constraints. Every task manifest references the ADRs it must satisfy. GIA blocks the merge if any constraint is violated — no exceptions.
Every agent action has a permanent, verifiable record.
Manifests in .kntic/manifests/ capture scope, constraints, and the full action log. Git is the audit trail.
The Verification Layer catches violations before they cost anything.
GIA performs bootstrap protection, changed file analysis, and extensible hook execution on every change — dependency graph, ADR compliance, regression suite — before merge.
LLMs are interchangeable implementers, not decision-makers.
The engine dispatches language models as stateless workers. They receive a task, execute it, and report a terminal status. They do not make state-transition decisions, validation judgments, or merge approvals.
For Engineering Teams
Every agent run is a manifest entry in Git. Scope is declared upfront. Nothing executes outside it. You get the speed of AI-assisted development without inheriting its ambiguity.
For Architecture & Security
ADRs are validated at merge time, not reviewed in quarterly audits. Every change carries a verifiable compliance fingerprint. No AI output bypasses your architectural standards.
For Engineering Leadership
The productivity case for AI is clear. The governance case has been missing. Kntic closes that gap — making AI-assisted development something you can defend to a board, an auditor, or a regulator.
// System of Record
The Orchestration Layer drives every task through a deterministic state machine. A task manifest declares scope and constraints up front. The Verification Layer computes an Alignment Score across 4 weighted dimensions — bootstrap integrity, hook results, schema compliance, and security isolation — with configurable weights stored in .kntic/gia/weights.json. The engine-managed hook internal/001-adr-compliance.py programmatically validates ADR-001 through ADR-007. The score A = Σ(dim · weight) / Δ must reach the merge threshold before anything lands. State lives in JSON files in Git — not in a database.
// .kntic/manifests/TASK-0412.json
{
"task_id": "TASK-0412",
"title": "Reconcile auth layer with ADR-014",
"status": "in_progress",
"priority": "high",
"created_at": "2026-02-20T18:42:00+00:00",
"description": "Auth middleware missing on 3 protected
routes — violates ADR-014. Reconcile.",
"context_scope": {
"read_only": [
"docs/adr/ADR-001.md",
"docs/adr/ADR-014.md"
],
"write_access": [
"src/auth/**"
]
},
"verification": {
"test_command": "pytest tests/auth/",
"required_coverage": 90
},
"actions": [/* append-only audit log */]
}
Deterministic State Machine
↻ refactoring · agent self-corrects back to in_progress | needs_review · agent halts, human intervenes | backlog
GIA Gate Result
A = Σ(dim · weight) / Δ ≥ 1 · 4 dimensions · Δ = 4 files · weights from gia/weights.json
ADR Compliance Audit
Alignment Score
1.0 / 4 dims
GIA Gate
PASS
Runs Traced
100%
REGEN Loop
24/7
// The KNTIC Protocol — Three-Layer Reconciliation
A reconciliation architecture with three layers, each serving a distinct function in maintaining alignment between Intent and Execution. ADRs are declared once as machine-readable constraints in the Constitutional Layer. The Orchestrator governs all state transitions deterministically — LLMs may implement tasks, but they never make state-transition decisions, validation judgments, or merge approvals. GIA scores every change across 4 weighted dimensions with configurable weights before every merge. Engine-managed hooks in hooks/gia/internal/ programmatically validate ADR-001–007 compliance. The REGEN loop autonomously remediates any drift that surfaces post-merge.
.kntic/
├── docs/ ← Proposals + architectural ground truth
│ ├── KNITIC-WHITEPAPER.MD ← Architectural ground truth
│ ├── PROPOSAL-006-Multi-Branch-Orchestration-Strategy.md ← proposed
│ ├── PROPOSAL-008-Agent-Scope-Enforcement-At-Runtime.md ← proposed
│ ├── PROPOSAL-011-REGEN-Auto-Detection-Via-GIA-Drift-Analysis.md ← proposed
│ └── archive/ ← Accepted proposals
│ ├── PROPOSAL-001-Continuous-GIA-Alignment-Score.md ← accepted
│ └── PROPOSAL-002-Dashboard-API-Authentication.md ← accepted
├── MEMORY.MD ← Agent persistent working memory
├── manifests/ ← Task state storage (FSM source of truth)
│ ├── TASK-0412.json
│ └── REGEN-003.json
├── adrs/ ← Constitutional laws
│ ├── ADR-001-Bootstrapping.md
│ ├── ADR-002-Security-Isolation.md
│ ├── ADR-003-Task-Schema.md
│ ├── ADR-004-GIA-State-File-Contract.md
│ ├── ADR-005-Technical-Debt-Task-Convention.md
│ ├── ADR-006-ADR-Guidelines.md
│ └── ADR-007-Proposal-Format-And-Handling.md
├── gia/ ← GIA state persistence
│ ├── state.json ← Alignment Score + dimension results
│ └── weights.json ← Configurable dimension weights
├── hooks/ ← Extensible validation hooks
│ └── gia/ ← GIA hook discovery root
│ ├── internal/ ← Engine-managed hooks (auto-discovered)
│ │ └── 001-adr-compliance.py ← ADR-001–007 compliance
│ └── specific/ ← Project-specific hooks
│ └── 001-unit-tests.sh ← Brand naming + unit test runner
└── lib/ ← Core engine runtime
├── orchestrator.py ← Deterministic state machine
├── agent_runner.py ← Agent lifecycle manager
├── sanitize_pi.py ← Output sanitizer
└── skills/
├── validator.py ← GIA engine + bootstrap protection
└── navigation.py ← File discovery utilitiesNamespace + security perimeter. The entire engine is isolated within .kntic/. Hooks are extensible — hooks/gia/internal/ contains engine-managed hooks, hooks/gia/specific/ holds project-specific scripts. Drop project-specific scripts into hooks/gia/specific/ — engine-managed hooks live in hooks/gia/internal/. Active proposals live in docs/; accepted proposals are archived to docs/archive/.
These are real REGEN operations where the engine detected architectural drift post-merge, generated a remediation manifest, dispatched an agent, and validated the fix through the full GIA gate — with no human intervention.
Drift: .agent/ naming convention was not pluggable
Fix: Migrated to .kntic/ pluggable architecture
Drift: Orchestrator files scattered across repo root
Fix: Consolidated all engine files into .kntic/lib/
Drift: Broken validator imports after directory migration
Fix: Added __init__.py files; fixed import chains
Each fix passed the same GIA gate. REGEN tasks receive no special exemptions.
Write your architectural constraints into ADR files in .kntic/adrs/ and agent memory in MEMORY.MD. These are machine-readable constraints — not suggestions. This is a one-time setup that governs every agent execution from that point forward.
Each task is a JSON manifest declaring what the agent may read, what it may write, which ADRs apply, and what GIA threshold must be met. Ambiguous tasks wait at needs_review for a human decision before the agent proceeds.
When the agent marks a task ready_for_merge, GIA scores all 4 dimensions using weights from .kntic/gia/weights.json, computes the change delta, and executes hooks discovered in .kntic/hooks/gia/ (including internal/ subdirectory). A ≥ 1: the Orchestrator sets status to merged. A < 1: the task re-enters refactoring. The result is written atomically to state.json.
After each merge, the REGEN (Regeneration) protocol rescans the alignment gap. Any new drift generates a REGEN- prefixed manifest automatically. The agent dispatches, remediates, and the fix passes through the same GIA gate. Entropy is not eliminated — it is managed deterministically.
{
"task_id": "SEC-014",
"title": "Enforce least-privilege token scopes on all outbound API clients",
"status": "merged",
"priority": "critical",
"created_at": "2026-02-20T09:14:22.417+00:00",
"updated_at": "2026-02-20T11:03:58.891+00:00",
"description": "GIA drift scan detected 4 outbound API clients passing
root-scoped bearer tokens to third-party endpoints, violating
ADR-009 (least-privilege external auth). Tokens must be
scoped per-service. Wildcards are an ADR-009 violation.",
"context_scope": {
"read_only": [
"docs/adr/ADR-009-External-Auth-Scoping.md",
"docs/adr/ADR-003-Zero-Trust-Boundaries.md",
"AGENT.md"
],
"write_access": [
"src/integrations/stripe/client.ts",
"src/integrations/sendgrid/client.ts",
"src/integrations/datadog/client.ts",
"src/integrations/pagerduty/client.ts",
"src/auth/token-factory.ts",
".kntic/manifests/SEC-014.json"
]
},
"notes": "Root cause: token-factory.ts was issuing a single global
bearer token shared across all outbound clients. Fix: replaced
with per-service scoped token instantiation. Wildcard scope
('*') removed from all 4 clients. GIA confirms 0 remaining
violations. ADR-009 and ADR-003 compliance fully restored.",
"actions": [
{
"timestamp": "2026-02-20T09:14:22.417+00:00",
"status": "todo",
"summary": "GIA drift scan flagged wildcard token scope ('*') in 4
outbound integration clients — violates ADR-009 and ADR-003.
SEC-014 manifest generated and queued for pickup."
},
{
"timestamp": "2026-02-20T09:31:05.002+00:00",
"status": "in_progress",
"summary": "Agent picked up SEC-014. Dependency graph traced.
token-factory.ts confirmed as root cause — single global
bearer token shared across all 4 outbound clients."
},
{
"timestamp": "2026-02-20T10:12:47.559+00:00",
"status": "refactoring",
"summary": "GIA validation failed: sendgrid/client.ts still passing
wildcard scope after initial patch. Agent re-entered
refactoring to fix missed interpolation in token builder."
},
{
"timestamp": "2026-02-20T10:47:33.619+00:00",
"status": "in_progress",
"summary": "Wildcard scope fully removed from all 4 clients.
token-factory.ts now emits scoped tokens per service
identity. Integration tests updated and passing."
},
{
"timestamp": "2026-02-20T11:01:14.308+00:00",
"status": "ready_for_merge",
"summary": "Agent signalled completion. Awaiting GIA gate.
ADR-009 scope compliance verified locally across
all 4 clients. 214 integration tests passing."
},
{
"timestamp": "2026-02-20T11:03:58.891+00:00",
"status": "merged",
"summary": "GIA passed. Alignment gap: 0. ADR-009 + ADR-003 compliant.
Orchestrator set status to merged. Changes committed
and pushed. Reconciliation loop rescheduled on_merge."
}
]
}// Alignment Score — By The Numbers
GIA Gate Result
Undetected Drift Events
Agent Runs Traced
Reconcile Uptime